author | Werner Koch <wk@gnupg.org> | 2022-04-11 17:57:14 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2022-04-11 17:57:14 +0200 |
commit | 137e59a6a5c5cd89091471811bf7c7c67de5890d (patch) | |
tree | b42fcefb640195e287a9126abf35ae0022a1da13 /dirmngr | |
parent | scd: Support for GeNUA cards. (diff) | |
sm: Print diagnostic about CRL problems due to Tor mode.
* dirmngr/crlfetch.c (crl_fetch, crl_fetch_default)
(ca_cert_fetch, start_cert_fetch): Factor Tor error out to ...
(no_crl_due_to_tor): new. Print status note.
* dirmngr/ks-engine-ldap.c (ks_ldap_get)
(ks_ldap_search, ks_ldap_put): Factor Tor error out to ...
(no_ldap_due_to_tor): new. Print status note.
* dirmngr/ocsp.c (do_ocsp_request): Print status note.
* sm/misc.c (gpgsm_print_further_info): New.
* sm/call-dirmngr.c (warning_and_note_printer): New.
(isvalid_status_cb): Call it.
(lookup_status_cb): Ditto.
(run_command_status_cb): Ditto.
* common/asshelp2.c (vprint_assuan_status): Strip a possible trailing
LF.
--
Diffstat (limited to 'dirmngr')
-rw-r--r-- | dirmngr/crlfetch.c | 29 | ||||
-rw-r--r-- | dirmngr/ks-engine-ldap.c | 26 | ||||
-rw-r--r-- | dirmngr/ocsp.c | 7 |
3 files changed, 39 insertions, 23 deletions
diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index b3fdc0cc6..2e0859861 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -147,6 +147,19 @@ my_es_read (void *opaque, char *buffer, size_t nbytes, size_t *nread)
 }
+/* For now we do not support LDAP over Tor. */
+static gpg_error_t
+no_crl_due_to_tor (ctrl_t ctrl)
+{
+  gpg_error_t err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+  const char *text = _("CRL access not possible due to Tor mode");
+
+  log_error ("%s", text);
+  dirmngr_status_printf (ctrl, "NOTE", "no_crl_due_to_tor %u %s", err, text);
+  return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+
+
 /* Fetch CRL from URL and return the entire CRL using new ksba reader object in READER. Note that this reader object should be closed only using ldap_close_reader. */
@@ -233,9 +246,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
     }
   else if (dirmngr_use_tor ())
     {
-      /* For now we do not support LDAP over Tor. */
-      log_error (_("CRL access not possible due to Tor mode\n"));
-      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+      err = no_crl_due_to_tor (ctrl);
     }
   else
     {
@@ -259,9 +270,7 @@ crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
 {
   if (dirmngr_use_tor ())
     {
-      /* For now we do not support LDAP over Tor. */
-      log_error (_("CRL access not possible due to Tor mode\n"));
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+      return no_crl_due_to_tor (ctrl);
     }
   if (opt.disable_ldap)
     {
@@ -291,9 +300,7 @@ ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn)
 {
   if (dirmngr_use_tor ())
     {
-      /* For now we do not support LDAP over Tor. */
-      log_error (_("CRL access not possible due to Tor mode\n"));
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+      return no_crl_due_to_tor (ctrl);
     }
   if (opt.disable_ldap)
     {
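Review bot: In no_crl_due_to_tor the closing `return gpg_error (GPG_ERR_NOT_SUPPORTED);` recomputes the code that `err` already holds and that was just written to the NOTE line; `return err;` keeps the returned code and the reported code from drifting apart if either is changed later. The same pattern appears in no_ldap_due_to_tor in dirmngr/ks-engine-ldap.c. The header comment `/* For now we do not support LDAP over Tor. */` no longer describes the helper, which now also emits a status line; something like `/* Log the unsupported CRL-over-Tor case, emit a NOTE status line for it and return GPG_ERR_NOT_SUPPORTED. */` says what it does. Since the `%s` on the NOTE line is a translated string, a client should key on the `no_crl_due_to_tor` token and the numeric code rather than on the text; a short comment saying so would save the next reader from treating the message as stable.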
@@ -318,9 +325,7 @@ start_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context,
 {
   if (dirmngr_use_tor ())
     {
-      /* For now we do not support LDAP over Tor. */
-      log_error (_("CRL access not possible due to Tor mode\n"));
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+      return no_crl_due_to_tor (ctrl);
     }
   if (opt.disable_ldap)
     {
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index e0f8e6f7c..dd796a326 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -847,6 +847,20 @@ extract_keys (estream_t output,
   es_fprintf (output, "INFO %s END\n", certid);
 }
+
+/* For now we do not support LDAP over Tor. */
+static gpg_error_t
+no_ldap_due_to_tor (ctrl_t ctrl)
+{
+  gpg_error_t err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+  const char *msg = _("LDAP access not possible due to Tor mode");
+
+  log_error ("%s", msg);
+  dirmngr_status_printf (ctrl, "NOTE", "no_ldap_due_to_tor %u %s", err, msg);
+  return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+
+
 /* Get the key described key the KEYSPEC string from the keyserver identified by URI. On success R_FP has an open stream to read the data. */
@@ -869,9 +883,7 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
   if (dirmngr_use_tor ())
     {
-      /* For now we do not support LDAP over Tor. */
-      log_error (_("LDAP access not possible due to Tor mode\n"));
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+      return no_ldap_due_to_tor (ctrl);
     }
   /* Make sure we are talking to an OpenPGP LDAP server. */
@@ -1067,9 +1079,7 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
   if (dirmngr_use_tor ())
     {
-      /* For now we do not support LDAP over Tor. */
-      log_error (_("LDAP access not possible due to Tor mode\n"));
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+      return no_ldap_due_to_tor (ctrl);
     }
   /* Make sure we are talking to an OpenPGP LDAP server. */
@@ -1959,9 +1969,7 @@ ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri,
   if (dirmngr_use_tor ())
     {
-      /* For now we do not support LDAP over Tor. */
-      log_error (_("LDAP access not possible due to Tor mode\n"));
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+      return no_ldap_due_to_tor (ctrl);
     }
   err = my_ldap_connect (uri, &ldap_conn, &basedn, NULL, NULL, &serverinfo);
diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c
index 177bd67f8..f8b3e8c79 100644
--- a/dirmngr/ocsp.c
+++ b/dirmngr/ocsp.c
@@ -145,8 +145,11 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp,
     {
       /* For now we do not allow OCSP via Tor due to possible privacy concerns. Needs further research. */
-      log_error (_("OCSP request not possible due to Tor mode\n"));
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+      const char *msg = _("OCSP request not possible due to Tor mode");
+      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+      log_error ("%s", msg);
+      dirmngr_status_printf (ctrl, "NOTE", "no_ocsp_due_to_tor %u %s", err,msg);
+      return err;
     }
   if (opt.disable_http)
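Review bot: do_ocsp_request open-codes a third copy of the log-then-NOTE sequence that crlfetch.c and ks-engine-ldap.c each wrap in a static helper; one shared dirmngr helper taking the keyword and message would keep the three `"... %u %s"` status formats in step, and a future change to how the NOTE is emitted would then land in one place. Minor style point on the dirmngr_status_printf line: `err,msg` lacks the space the surrounding GNU-style code uses, `err, msg`. `err` is assigned here without a declaration in the hunk, so it is presumably a local declared earlier in do_ocsp_request, whose body starts outside the hunk; worth confirming it is not left holding a stale value on the other paths.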